James Cloos <[email protected]> writes: >>>>>> "KF" == Karl Fogel <[email protected]> writes: >KF> 4. In ~jrandom/.ssh/authorized_keys, put this line: >KF> command="/usr/bin/bzr serve --inet --allow-writes >--directory=/src/bzr" ssh-rsa <<<LONG BASE64 PUBLIC KEY>>> >jran...@clientcomment > >Using bzr as the auth_key command rather than the restricted shell means >that it will no longer be possible to archive the repos via rsync/ssh. > >It also makes it impossible to use sftp or rsync to look at the contents >of the repo to debug issues, such as surprises from moved branches, repo >restructuring, et al. > >Those losses should be avoided. Anon-rsync would work, but rsync/ssh or >sftp are probably the better ways to go.
I'm no longer recommending the authorized_keys method; I only came up with that because I hadn't seen how things were set up on bzr.sv. Now that I have, I made a different recommendation -- see my later mail: http://lists.gnu.org/archive/html/savannah-hackers-public/2010-03/msg00027.html (We would still lose sftp, but we were planning to anyway.) Best, -Karl
